Index

Get backend infos (whatweb)
Enumerate directories and files
Enumerate subdomains
Use automatic tool to audit web app
Check .git exposure
Test Clickjacking vulnerability
Web Penetration Test Enumeration Guide | Agr0 Hacks Stuff TO IMPLEMENT IN WIKI

Get backend infos (whatweb)

whatweb -a 3 "<http://target>:port"

Enumerate directories and files

gobuster

gobuster dir -w /usr/share/wordlists -u http://<IP>:<PORT>/ -t <THREADS> -x <EXTENSIONS>

ffuf

Basic scan:

ffuf -w /usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-2.3-big.txt -u http://<IP>:<PORT>/FUZZ -ic -t <Number.Of.THREADS> | tee "ffuf_$(date '+%Y-%m-%d_%H-%M-%S').txt"

Recursive scan: